AdvChain: Adversarial Chain-of-Thought Tuning for Robust Safety Alignment of Large Reasoning Models
Abstract
AdvChain enhances the safety and reliability of large reasoning models by teaching them dynamic self-correction through adversarial chain-of-thought tuning.
Large Reasoning Models (LRMs) have demonstrated remarkable capabilities in complex problem-solving through Chain-of-Thought (CoT) reasoning. However, the multi-step nature of CoT introduces new safety challenges that extend beyond conventional language model alignment. We identify a failure mode in current safety CoT tuning methods: the snowball effect, where minor reasoning deviations progressively amplify throughout the thought process, leading to either harmful compliance or excessive refusal. This effect stems from models being trained to imitate perfect reasoning scripts without learning to self-correct. To address this limitation, we propose AdvChain, an alignment paradigm that teaches models dynamic self-correction through adversarial CoT tuning. Our method involves constructing a dataset containing Temptation-Correction and Hesitation-Correction samples, where models learn to recover from harmful reasoning drifts and unnecessary cautions. Extensive experiments show that AdvChain significantly enhances robustness against jailbreak attacks and CoT hijacking while substantially reducing over-refusal on benign prompts, achieving a superior safety-utility balance without compromising reasoning capabilities. Our work establishes a new direction for building more robust and reliable reasoning models.
Community
This paper introduces AdvChain, a new framework for robust safety alignment of Large Reasoning Models (LRMs) that teaches them to actively correct their own reasoning errors.
Motivation
Current safety alignment methods, which rely on fine-tuning models to imitate "perfect" refusal scripts, suffer from a critical failure mode we term the "Snowball Effect." This leads to two major issues:
- Fragile Safety: A minor harmful deviation in the model's Chain-of-Thought (CoT) can amplify uncontrollably, like a snowball rolling downhill, leading to a fully unsafe output. We term this the Snowballing Escalation of Harmfulness.
- Rigid Utility: Simultaneously, the model becomes overly cautious. A small, unwarranted suspicion about a benign prompt can also snowball, causing the model to incorrectly refuse a safe request. We call this the Snowballing Escalation of Over-refusal.
The AdvChain Solution
To break this safety-utility trade-off, AdvChain proposes two core innovations:
- A Paradigm Shift to Dynamic Self-Correction: Instead of teaching models to only imitate perfect scripts, we train them to recognize and recover from their own internal reasoning errors. This is achieved by constructing a novel Adversarial Safety Reasoning Dataset with two new types of data:
  - Temptation-Correction Samples: These samples teach the model to halt the escalation of harmfulness by simulating an internal "temptation" to comply with a harmful request, followed by an explicit correction.
  - Hesitation-Correction Samples: These samples teach the model to halt the escalation of over-refusal by simulating an unnecessary "hesitation" for a benign prompt, followed by a reasoned correction to proceed.
- Adversarial CoT Tuning: This fine-tuning process directly targets the cognitive inertia behind the Snowball Effect. By compelling the model to learn from these self-correcting trajectories, AdvChain builds robust, adaptive reasoning capabilities that are both safer against attacks and more helpful in practice.
This is an automated message from the Librarian Bot. I found the following papers similar to this paper.
The following papers were recommended by the Semantic Scholar API
- Towards Safe Reasoning in Large Reasoning Models via Corrective Intervention (2025)
- Mitigating Jailbreaks with Intent-Aware LLMs (2025)
- Reasoned Safety Alignment: Ensuring Jailbreak Defense via Answer-Then-Check (2025)
- Beyond Surface-Level Detection: Towards Cognitive-Driven Defense Against Jailbreak Attacks via Meta-Operations Reasoning (2025)
- SDGO: Self-Discrimination-Guided Optimization for Consistent Safety in Large Language Models (2025)
- Bidirectional Intention Inference Enhances LLMs' Defense Against Multi-Turn Jailbreak Attacks (2025)
- Simulated Ensemble Attack: Transferring Jailbreaks Across Fine-tuned Vision-Language Models (2025)